Enforcing the GNU GPL

Microsoft's anti-GPL offensive this summer has sparked renewed
speculation about whether the GPL is “enforceable.” This
particular example of “FUD” (fear, uncertainty and doubt)
is always a little amusing to me. I'm the only lawyer on earth who
can say this, I suppose, but it makes me wonder what everyone's
wondering about: Enforcing the GPL is
something that I do all the time.

Because free software is an
unorthodox concept in contemporary society, people tend to assume that
such an atypical goal must be pursued using unusually ingenious, and
therefore fragile, legal machinery. But the assumption is faulty. The
goal of the Free Software Foundation in designing and publishing the GPL,
is unfortunately unusual: we're reshaping how programs are made in
order to give everyone the right to understand, repair, improve, and
redistribute the best-quality software on earth. This is a transformative
enterprise; it shows how in the new, networked society traditional ways of
doing business can be displaced by completely different models of
production and distribution. But the GPL, the legal device that makes
everything else possible, is a very robust machine precisely because it is
made of the simplest working parts.

The essence of copyright law, like other systems of property rules, is the
power to exclude. The copyright holder is legally empowered to exclude
all others from copying, distributing, and making derivative works.

This right to exclude implies an equally large power to
license—that is, to grant permission to do what would otherwise
be forbidden. Licenses are not contracts: the work's user is obliged
to remain within the bounds of the license not because she voluntarily
promised, but because she doesn't have any right to act at all except
as the license permits.

But most proprietary software companies want more power than copyright
alone gives them. These companies say their software is
“licensed” to consumers, but the license contains
obligations that copyright law knows nothing about. Software you're
not allowed to understand, for example, often requires you to agree
not to decompile it. Copyright law doesn't prohibit decompilation,
the prohibition is just a contract term you agree to as a condition of
getting the software when you buy the product under shrink wrap in a
store, or accept a “clickwrap license” on line. Copyright
is just leverage for taking even more away from users.

The GPL, on the other hand, subtracts from copyright rather than adding to
it. The license doesn't have to be complicated, because we try to control
users as little as possible. Copyright grants publishers power to forbid
users to exercise rights to copy, modify, and distribute that we believe
all users should have; the GPL thus relaxes almost all the restrictions of
the copyright system. The only thing we absolutely require is that anyone
distributing GPL'd works or works made from GPL'd works distribute in turn
under GPL. That condition is a very minor restriction, from the copyright
point of view. Much more restrictive licenses are routinely held
enforceable: every license involved in every single copyright lawsuit is
more restrictive than the GPL.

Because there's nothing complex or controversial about the license's
substantive provisions, I have never even seen a serious argument that the
GPL exceeds a licensor's powers. But it is sometimes said that the GPL
can't be enforced because users haven't “accepted” it.

This claim is based on a misunderstanding. The license does not require
anyone to accept it in order to acquire, install, use, inspect, or even
experimentally modify GPL'd software. All of those activities are either
forbidden or controlled by proprietary software firms, so they require you
to accept a license, including contractual provisions outside the reach of
copyright, before you can use their works. The free software movement
thinks all those activities are rights, which all users ought to have; we
don't even want to cover those activities by license. Almost
everyone who uses GPL'd software from day to day needs no license, and
accepts none. The GPL only obliges you if you distribute software made
from GPL'd code, and only needs to be accepted when redistribution occurs.
And because no one can ever redistribute without a license, we can safely
presume that anyone redistributing GPL'd software intended to accept the
GPL. After all, the GPL requires each copy of covered software to include
the license text, so everyone is fully informed.

Despite the FUD, as a copyright license the GPL is absolutely solid.
That's why I've been able to enforce it dozens of times over nearly ten
years, without ever going to court.

Meanwhile, much murmuring has been going on in recent months to the
supposed effect that the absence of judicial enforcement, in US or other
courts, somehow demonstrates that there is something wrong with the GPL,
that its unusual policy goal is implemented in a technically indefensible
way, or that the Free Software Foundation, which authors the license, is
afraid of testing it in court. Precisely the reverse is true. We do not
find ourselves taking the GPL to court because no one has yet been willing
to risk contesting it with us there.

We reach this stage dozens of times a year. A quiet initial contact is
usually sufficient to resolve the problem. Parties thought they were
complying with GPL, and are pleased to follow advice on the correction of
an error. Sometimes, however, we believe that confidence-building
measures will be required, because the scale of the violation or its
persistence in time makes mere voluntary compliance insufficient. In such
situations we work with organizations to establish GPL-compliance programs
within their enterprises, led by senior managers who report to us, and
directly to their enterprises' managing boards, regularly. In
particularly complex cases, we have sometimes insisted upon measures that
would make subsequent judicial enforcement simple and rapid in the event
of future violation.

In approximately a decade of enforcing the GPL, I have never insisted on
payment of damages to the Foundation for violation of the license, and I
have rarely required public admission of wrongdoing. Our position has
always been that compliance with the license, and security for future good
behavior, are the most important goals. We have done everything to make
it easy for violators to comply, and we have offered oblivion with respect
to past faults.

In the early years of the free software movement, this was probably the
only strategy available. Expensive and burdensome litigation might have
destroyed the FSF, or at least prevented it from doing what we knew was
necessary to make the free software movement the permanent force in
reshaping the software industry that it has now become. Over time,
however, we persisted in our approach to license enforcement not because
we had to, but because it worked. An entire industry grew up around free
software, all of whose participants understood the overwhelming importance
of the GPL—no one wanted to be seen as the villain who stole free
software, and no one wanted to be the customer, business partner, or even
employee of such a bad actor. Faced with a choice between compliance
without publicity or a campaign of bad publicity and a litigation battle
they could not win, violators chose not to play it the hard way.

We have even, once or twice, faced enterprises which, under US
copyright law, were engaged in deliberate, criminal copyright
infringement: taking the source code of GPL'd software, recompiling it
with an attempt to conceal its origin, and offering it for sale as a
proprietary product. I have assisted free software developers other
than the FSF to deal with such problems, which we have
resolved—since the criminal infringer would not voluntarily
desist and, in the cases I have in mind, legal technicalities
prevented actual criminal prosecution of the violators—by
talking to redistributors and potential customers. “Why would
you want to pay serious money,” we have asked, “for
software that infringes our license and will bog you down in complex
legal problems, when you can have the real thing for free?”
Customers have never failed to see the pertinence of the question.
The stealing of free software is one place where, indeed, crime
doesn't pay.

But perhaps we have succeeded too well. If I had used the courts to
enforce the GPL years ago, Microsoft's whispering would now be falling
on deaf ears. Just this month I have been working on a couple of
moderately sticky situations. “Look,” I say, “at
how many people all over the world are pressuring me to enforce the
GPL in court, just to prove I can. I really need to make an example
of someone. Would you like to volunteer?”

Someday someone will. But that someone's customers are going to go
elsewhere, talented technologists who don't want their own reputations
associated with such an enterprise will quit, and bad publicity will
smother them. And that's all before we even walk into court. The first
person who tries it will certainly wish he hadn't. Our way of doing law
has been as unusual as our way of doing software, but that's just the
point. Free software matters because it turns out that the different way
is the right way after all.

Eben Moglen is professor of law and legal history at Columbia University
Law School. He serves without fee as General Counsel of the Free Software
Foundation.